Changeset 70365 in webkit


Ignore:
Timestamp:
Oct 22, 2010 4:39:13 PM (13 years ago)
Author:
jamesr@google.com
Message:

2010-10-22 James Robinson <jamesr@chromium.org>

Reviewed by Dimitri Glazkov.

REGRESSION(66391): http://ligth-arts.all-up.com/ crashes in EventHandler::selectCursor
https://bugs.webkit.org/show_bug.cgi?id=47942

Add checks for a NULL StyleImage in a CursorList.

  • css/CSSComputedStyleDeclaration.cpp: (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
  • css/CSSStyleSelector.cpp: (WebCore::CSSStyleSelector::loadPendingImages):
  • page/EventHandler.cpp: (WebCore::EventHandler::selectCursor):
  • rendering/style/CursorList.h: (WebCore::CursorList::at):
  • manual-tests/cursor-empty-url.html: Added.
  • manual-tests/resources/cursor-empty-url.css: Added.
Location:
trunk/WebCore
Files:
2 added
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/WebCore/ChangeLog

    r70356 r70365  
     12010-10-22  James Robinson  <jamesr@chromium.org>
     2
     3        Reviewed by Dimitri Glazkov.
     4
     5        REGRESSION(66391): http://ligth-arts.all-up.com/ crashes in EventHandler::selectCursor
     6        https://bugs.webkit.org/show_bug.cgi?id=47942
     7
     8        Add checks for a NULL StyleImage in a CursorList.
     9
     10        * css/CSSComputedStyleDeclaration.cpp:
     11        (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
     12        * css/CSSStyleSelector.cpp:
     13        (WebCore::CSSStyleSelector::loadPendingImages):
     14        * page/EventHandler.cpp:
     15        (WebCore::EventHandler::selectCursor):
     16        * rendering/style/CursorList.h:
     17        (WebCore::CursorList::at):
     18        * manual-tests/cursor-empty-url.html: Added.
     19        * manual-tests/resources/cursor-empty-url.css: Added.
     20
    1212010-10-22  David Hyatt  <hyatt@apple.com>
    222
  • trunk/WebCore/css/CSSComputedStyleDeclaration.cpp

    r69220 r70365  
    891891                list = CSSValueList::createCommaSeparated();
    892892                for (unsigned i = 0; i < cursors->size(); ++i)
    893                     list->append((*cursors)[i].image()->cssValue());
     893                    if (StyleImage* image = cursors->at(i).image())
     894                        list->append(image->cssValue());
    894895            }
    895896            RefPtr<CSSValue> value = CSSPrimitiveValue::create(style->cursor());
  • trunk/WebCore/css/CSSStyleSelector.cpp

    r70335 r70365  
    68406840                if (CursorList* cursorList = m_style->cursors()) {
    68416841                    for (size_t i = 0; i < cursorList->size(); ++i) {
    6842                         CursorData& currentCursor = (*cursorList)[i];
    6843                         if (currentCursor.image()->isPendingImage()) {
    6844                             CSSImageValue* imageValue = static_cast<StylePendingImage*>(currentCursor.image())->cssImageValue();
    6845                             currentCursor.setImage(imageValue->cachedImage(cachedResourceLoader));
     6842                        CursorData& currentCursor = cursorList->at(i);
     6843                        if (StyleImage* image = currentCursor.image()) {
     6844                            if (image->isPendingImage()) {
     6845                                CSSImageValue* imageValue = static_cast<StylePendingImage*>(image)->cssImageValue();
     6846                                currentCursor.setImage(imageValue->cachedImage(cachedResourceLoader));
     6847                            }
    68466848                        }
    68476849                    }
  • trunk/WebCore/page/EventHandler.cpp

    r70356 r70365  
    10821082            const CachedImage* cimage = 0;
    10831083            StyleImage* image = (*cursors)[i].image();
    1084             if (image->isCachedImage())
     1084            if (image && image->isCachedImage())
    10851085                cimage = static_cast<StyleCachedImage*>(image)->cachedImage();
    10861086            if (!cimage)
  • trunk/WebCore/rendering/style/CursorList.h

    r66391 r70365  
    4141    const CursorData& operator[](int i) const { return m_vector[i]; }
    4242    CursorData& operator[](int i) { return m_vector[i]; }
     43    const CursorData& at(size_t i) const { return m_vector.at(i); }
     44    CursorData& at(size_t i) { return m_vector.at(i); }
    4345
    4446    bool operator==(const CursorList& o) const { return m_vector == o.m_vector; }
Note: See TracChangeset for help on using the changeset viewer.